Eighteen months after Anthropic released the Model Context Protocol, the ecosystem has the scale of a real market — and the quality problems of one. By May 2026, public directories index over 10,000 MCP servers, with another ~10,000 forks and abandoned variants. Glama, Smithery, and MCPMarket compete to be the “npm of MCPs.” Most servers are free; the handful that charge run from $19/mo to $149/mo.
The growth is real. But so is the quality crisis. This piece looks at where MCP actually stands in mid-2026 — and why volume marketplaces are about to have a reckoning.
Adoption: real, broad, mainstream
MCP went from “Anthropic experiment” in late 2024 to “de facto standard” by early 2026. The numbers:
- Claude Desktop: 12.48M MAU mobile (+49% MoM in Feb 2026), 18.9M MAU web. 300k+ business customers.
- Cursor: 1M+ daily active users, 360k paying customers, 64% of Fortune 500. MCP support is a first-class feature with one-click install.
- VS Code + Copilot: 1.8M+ paid subscribers; MCP support shipped in 2025.
- Windsurf, Continue, Zed, Goose: smaller, but combined ~500k+ developers using MCP.
Conservatively, ~500k–1M developers use at least one MCP server in production. The “power user” tier — developers running 3+ servers daily — is roughly 100k–200k strong. That's the segment paying for tooling.
The marketplaces split into five categories
By mid-2026, the platform space settled into five distinct positions:
- Volume marketplaces — Smithery (7,000+ servers), MCPMarket (10,000+). Wide net, no quality bar.
- Discovery + chat platforms — Glama, PulseMCP. Browse + try servers; some monetization.
- Managed integration platforms — Composio (500+ apps, $29–$229/mo), Klavis ($99–$499/mo), Pipedream. Enterprise gateway play.
- Enterprise governance — Salesforce Agentforce, Kiteworks. Aimed at compliance-heavy buyers.
- Quality / curation — only CuratedMCP meaningfully occupies this position. Every server human-reviewed; 22 rejected for quality to date.
That last category is the one most developers actually want — but which the volume players can't credibly extend into. Once you've branded yourself as the “Docker Hub of MCPs,” you can't add a curation layer without diluting the brand.
Pricing has converged on $19–29/mo for individuals
After 18 months of experimentation, the developer-tier pricing is settling:
- Free tier with browse + free servers (required — anyone without a strong free tier loses to anyone with one)
- Pro tier at $19–29/mo: Glama at $26, Composio Standard at $29, most paid MCPs at $19
- Team tier at $99–499/mo (Klavis, Composio Pro)
- Enterprise: custom, never published
The market gives developers signal: $20–30/mo is what pro-grade dev tooling costs, and that's the slot Cursor Pro ($20), Claude Pro ($20), Copilot ($10–39) all sit in. Anything more expensive needs to justify itself with team features.
The quality crisis is reshaping the market
Here's what's not in any annual report: most MCP servers are broken or risky. The last six months have seen a stream of incidents:
- Credential exfiltration via overly permissive MCP servers
- Servers that bundle outdated dependencies with known CVEs
- “Helpful” servers that quietly run shell commands they didn't disclose
- Abandoned servers that stop working with the latest MCP spec
On a 10,000-server volume marketplace, the maintainers can't review every server. On a 68-server curated marketplace, every server is human-tested. That's the argument in a single sentence.
Senior developers have figured this out. They install fewer, higher-quality servers. They demand security review. They will pay for it — see Cursor's $200M+ ARR — they just need the right product.
Enterprise: the next leg of growth
The push everyone is making right now is around enterprise governance. The problem statement: companies have employees installing MCP servers ad-hoc into Claude Desktop / Cursor — “shadow MCP” — with no audit trail or policy. Compliance teams are noticing.
Six core controls are emerging as table stakes for enterprise MCP governance: OAuth 2.0 with credentials outside AI context, per-operation RBAC/ABAC, attribution-level audit logs, path/scope controls, rate limiting, and sensitivity label evaluation.
Salesforce's Agentforce shipped the beta of this in Q1. Composio has it as part of their enterprise tier. CuratedMCP's control plane is live today, sold as a 60-day governance pilot to founding customers. The market is real: ~1,000–3,000 enterprises with shadow MCP deployments need this within 12 months.
Where the market goes from here
Three predictions for the next 12 months:
- Quality marketplaces will outgrow volume marketplaces in revenue per user. Volume wins page views; quality wins paying customers.
- Enterprise governance will produce the first $5M+ ARR MCP company. Whoever ships RBAC + audit + policy first to a compliance-friendly buyer wins.
- Publisher monetization will inflect in 2027. Apify already shows MCP publishers earning $2k+/mo; that number doubles or triples as marketplaces add subscription rev-share infrastructure.
What to do as a developer
Practical advice for someone building with MCPs in mid-2026:
- Audit what you have. Run MCP Auditor against your installed servers. Most developers are surprised by what they find.
- Reduce surface area. 5 trusted servers beat 30 random ones.
- Use risk classification. Read-only MCPs are safer than read/write or execute. Match the risk level to the task.
- If you publish servers, the quality marketplaces are where paying users are. Apify, CuratedMCP, even Smithery's pro tier will give you real distribution. Open marketplaces are great for SEO, weak for revenue.
The MCP ecosystem in mid-2026 looks a lot like npm in 2014: real scale, real usage, but a quality and security model that hasn't caught up. The platforms that figure out trust win the next phase.